<br/>
<h1>Changelog from Git</h1><br/><br/>
<div class='changelog'>
-<pre class='wrap'>commit e0f5212888c0c1abc5e060a75a3a4a5ff99afd1a
+<pre class='wrap'>commit 69a7a312dccebc8b5f28f8a5e4a703cb8d447d44
+Merge: d6b8aed 5151426
+Author: Even Rouault <even.rouault@mines-paris.org>
+Date: 2019-03-29 12:25:39 +0100
+
+ Merge pull request #1188 from rouault/fix_abi_check
+
+ abi-check.sh: fix broken download URL
+
+commit 5151426d6e6f7f0e1ae6f050aaa7cec6bc4ffd08
+Author: Even Rouault <even.rouault@spatialys.com>
+Date: 2019-03-29 11:53:23 +0100
+
+ abi-check.sh: fix broken download URL
+
+commit d6b8aed5612e6be6d3a4053867fbd2ae0cb7c8af
+Merge: 25b815d a1d32a5
+Author: Even Rouault <even.rouault@mines-paris.org>
+Date: 2019-03-29 11:52:38 +0100
+
+ Merge pull request #1187 from rouault/fix_ubsan_in_opj_t1_encode_cblks
+
+ opj_t1_encode_cblks: fix UBSAN signed integer overflow
+
+commit a1d32a596a94280178c44a55d7e7f1acd992ed5d
+Author: Even Rouault <even.rouault@spatialys.com>
+Date: 2019-03-29 11:17:39 +0100
+
+ opj_t1_encode_cblks: fix UBSAN signed integer overflow
+
+ Fixes #1053 / CVE-2018-5727
+
+ Note: I don't consider this issue to be a security vulnerability, in
+ practice.
+ At least with gcc or clang compilers on x86_64 which generate the same
+ assembly code with or without that fix.
+
+commit 25b815dc460dbf9def7e6b822c8998727094f85a
+Author: Even Rouault <even.rouault@spatialys.com>
+Date: 2019-03-29 10:44:35 +0100
+
+ Revert "[JPWL] tgatoimage(): avoid excessive memory allocation attempt,"
+
+ This reverts commit 05be3084460e46282ee63f04c72c451f3271fd28.
+
+ This commit doesn't compile due to missing OPJ_UINT64 type
+
+commit e1740e7ce79d0a1676db4da0f4189b64e85f52cb
+Author: Even Rouault <even.rouault@spatialys.com>
+Date: 2019-03-29 10:40:58 +0100
+
+ Revert "[MJ2] Avoid index out of bounds access to pi->include[]"
+
+ This reverts commit c277159986c80142180fbe5efb256bbf3bdf3edc.
+
+ The commit didn't compile. include_size is not defined in openmj2
+
+commit 51f097e6d5754ddae93e716276fe8176b44ec548
+Merge: e7640f5 8ee3352
+Author: Even Rouault <even.rouault@mines-paris.org>
+Date: 2018-12-21 16:41:00 +0100
+
+ Merge pull request #1172 from hlef/master
+
+ convertbmp: detect invalid file dimensions early (CVE-2018-6616)
+
+commit 8ee335227bbcaf1614124046aa25e53d67b11ec3
+Author: Hugo Lefeuvre <hle@debian.org>
+Date: 2018-12-14 04:58:40 +0100
+
+ convertbmp: detect invalid file dimensions early
+
+ width/length dimensions read from bmp headers are not necessarily
+ valid. For instance they may have been maliciously set to very large
+ values with the intention to cause DoS (large memory allocation, stack
+ overflow). In these cases we want to detect the invalid size as early
+ as possible.
+
+ This commit introduces a counter which verifies that the number of
+ written bytes corresponds to the advertized width/length.
+
+ Fixes #1059 (CVE-2018-6616).
+
+commit e7640f58f122d1228f3d750864543ad4703e18fc
+Merge: e0f5212 05be308
+Author: Even Rouault <even.rouault@mines-paris.org>
+Date: 2018-12-07 21:27:38 +0100
+
+ Merge pull request #1168 from Young-X/fix_dev
+
+ Fix multiple potential vulnerabilities and bugs
+
+commit 05be3084460e46282ee63f04c72c451f3271fd28
+Author: Young Xiao <YangX92@hotmail.com>
+Date: 2018-11-28 14:44:06 +0800
+
+ [JPWL] tgatoimage(): avoid excessive memory allocation attempt,
+ and fixes unaligned load
+
+ Signed-off-by: Young Xiao <YangX92@hotmail.com>
+
+commit bd88611ed9ad7144ec4f3de54790cd848175891b
+Author: Young_X <YangX92@hotmail.com>
+Date: 2018-11-23 17:15:05 +0800
+
+ [JP3D] To avoid divisions by zero / undefined behaviour on shift (CVE-2018-14423
+
+ Signed-off-by: Young_X <YangX92@hotmail.com>
+
+commit ce9583d1d7627e007a34a31ae4e22a00d78bd153
+Author: Young_X <YangX92@hotmail.com>
+Date: 2018-11-23 17:12:06 +0800
+
+ [JPWL] opj_compress: reorder checks related to code block dimensions to avoid potential int overflow
+
+ Signed-off-by: Young_X <YangX92@hotmail.com>
+
+commit c58df149900df862806d0e892859b41115875845
+Author: Young_X <YangX92@hotmail.com>
+Date: 2018-11-23 16:24:19 +0800
+
+ [OPENJP2] change the way to compute *p_tx0, *p_tx1, *p_ty0, *p_ty1 in function
+ opj_get_encoding_parameters
+
+ Signed-off-by: Young_X <YangX92@hotmail.com>
+
+commit c277159986c80142180fbe5efb256bbf3bdf3edc
+Author: Young_X <YangX92@hotmail.com>
+Date: 2018-11-23 16:12:53 +0800
+
+ [MJ2] Avoid index out of bounds access to pi->include[]
+
+ Signed-off-by: Young_X <YangX92@hotmail.com>
+
+commit e0f5212888c0c1abc5e060a75a3a4a5ff99afd1a
Merge: 92023cd 2e5ab1d
Author: Even Rouault <even.rouault@mines-paris.org>
Date: 2018-11-28 00:04:30 +0100
Derived from a patch by Thuan Pham
+commit 46822d0eddc3324b2a056bc60ffa997027bebd66
+Author: Young_X <YangX92@hotmail.com>
+Date: 2018-11-23 15:58:23 +0800
+
+ [JPWL] imagetotga(): fix read heap buffer overflow if numcomps < 3 (#987)
+
+ Signed-off-by: Young_X <YangX92@hotmail.com>
+
+commit 619e1b086eaa21ebd9b23eb67deee543b07bf06f
+Author: Young_X <YangX92@hotmail.com>
+Date: 2018-11-23 15:02:26 +0800
+
+ [JPWL] fix CVE-2018-16375
+
+ Signed-off-by: Young_X <YangX92@hotmail.com>
+
+commit c5bd64ea146162967c29bd2af0cbb845ba3eaaaf
+Author: Young_X <YangX92@hotmail.com>
+Date: 2018-11-23 14:47:36 +0800
+
+ [MJ2] To avoid divisions by zero / undefined behaviour on shift
+
+ Signed-off-by: Young_X <YangX92@hotmail.com>
+
commit 92023cd6c377e0384a7725949b25655d4d94dced
Merge: c196b23 cab352e
Author: Even Rouault <even.rouault@mines-paris.org>
Update NEWS.md
-commit 0b8903d9ea482d85dcaf8def1ddc41597105b228
-Author: Antonin Descampe <antonin@gmail.com>
-Date: 2017-10-03 17:08:30 -0300
-
- Preparing v2.3.0 release
-
-commit 47b43dbc2bb5a1e6d61bde91e57ccf7191b07616
-Merge: d45ccb0 8ed5886
-Author: Even Rouault <even.rouault@mines-paris.org>
-Date: 2017-09-28 11:24:59 +0200
-
- Merge pull request #1028 from quangnh89/master
-
- update instructions to build with Visual Studio and 64-Bit Visual C++ Toolset.
-
-commit 8ed588608f13af16f63e38267c1d51b124d6d8ad
-Author: Quang Nguyen <quangnh89@gmail.com>
-Date: 2017-09-28 10:00:09 +0700
-
- update instructions to build with Visual Studio and 64-Bit Visual C++ Toolset.
-
-commit d45ccb048bb2166c5d975f4e1b8acaf8ba3d198d
-Merge: 3f0de88 e17bbde
-Author: Antonin Descampe <antonin@descampe.net>
-Date: 2017-09-26 18:30:20 -0300
-
- Merge pull request #1022 from rouault/partial_component_decoding
-
- Add capability to decode only a subset of all components of an image.
-
-commit 3f0de88c7bf4e56826987aa7d3edb5acdd4399f2
-Author: Even Rouault <even.rouault@spatialys.com>
-Date: 2017-09-22 21:43:09 +0200
-
- Remove opjstyle binary that went inadvertently committed in d4e54e9f35d532062533f1d369c159810b01d224 (#1026)
-
-commit 3dfb01228b4f06a538c2a19352e34fd172e20fe3
-Author: Even Rouault <even.rouault@spatialys.com>
-Date: 2017-09-22 12:03:29 +0200
-
- INSTALL.md: add instructions to build with Visual Studio (#1023, from Winfried instructions)
-
-commit e5a561b5d86e6292832a7baefdcdf24e25821ae3
-Merge: 4c8aba2 f92d30f
-Author: Even Rouault <even.rouault@mines-paris.org>
-Date: 2017-09-21 17:39:24 +0200
-
- Merge pull request #1024 from stweil/warnings
-
- Add missing newline at end of file
-
-commit f92d30f9e7340f50294cca438c1fb62fb4fb03dd
-Author: Stefan Weil <sw@weilnetz.de>
-Date: 2017-09-14 22:02:41 +0200
-
- Add missing newline at end of file
-
- This fixes warnings from the clang compiler:
-
- /openjpeg/src/lib/openjp2/sparse_array.h:141:32: warning:
- no newline at end of file [-Wnewline-eof]
-
- Signed-off-by: Stefan Weil <sw@weilnetz.de>
-
-commit 4c8aba2add074c4a8101156037e9ca7051bc4baf
-Author: Even Rouault <even.rouault@spatialys.com>
-Date: 2017-09-21 14:37:01 +0200
-
- Add assertion
-
-commit 113e0976e232ac2110d50405f8629787f3f53cfc
-Author: Even Rouault <even.rouault@spatialys.com>
-Date: 2017-09-21 14:14:32 +0200
-
- Comment dead code (Coverity CID 94681)
-
-commit 39082fc6654553f43f6f3a73e0eeaedebc4bdf9f
-Author: Even Rouault <even.rouault@spatialys.com>
-Date: 2017-09-21 14:13:16 +0200
-
- Workaround Coverity CID 113061
-
-commit 7711307d865d46ca1bb8bb152071178b10066d05
-Author: Even Rouault <even.rouault@spatialys.com>
-Date: 2017-09-21 14:10:49 +0200
-
- Workaround Coverity CID 169392
-
-commit 19e157871ff28bb5e8296f9e9f9aee6a17a37ace
-Author: Even Rouault <even.rouault@spatialys.com>
-Date: 2017-09-21 14:06:03 +0200
-
- opj_j2k_get_default_thread_count(): validate value of OPJ_NUM_THREADS to fix Coverity 179465 and 179463
-
-commit 68e596dada2ee38a66b01494e5a425e623688300
-Author: Even Rouault <even.rouault@spatialys.com>
-Date: 2017-09-21 13:54:14 +0200
-
- Fix copy&paste error (Coverity CID 169394)
-
-commit 16b701659d7d9f72aade1d695818a645e2f603a6
-Author: Even Rouault <even.rouault@spatialys.com>
-Date: 2017-09-20 01:06:02 +0200
-
- opj_decompress: add a warning when -d and -t are used together (#693)
-
-commit b8c4b450c4b5bec649463573f57235c4f41c57cd
-Author: Even Rouault <even.rouault@spatialys.com>
-Date: 2017-09-20 00:55:22 +0200
-
- Use a #define J2K_MAX_POCS 32 to avoid hard-coded constant (#349)
-
-commit 9cba05762ded66b803df94b00adbd5a97727da95
-Author: Even Rouault <even.rouault@spatialys.com>
-Date: 2017-09-20 00:43:54 +0200
-
- Avoid index-out-of-bounds access when invoking opj_compress with -n 11 or higher. But not a proper fix itself (refs #493)
-
...</pre></div>
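Review bot: the two Revert entries near the top of the added block (25b815d and e1740e7) undo 05be308 and c277159, yet both of those commits still appear further down as fixes under the #1168 merge "Fix multiple potential vulnerabilities and bugs", with nothing next to them saying they were backed out. Anyone triaging from this log should treat the JPWL tgatoimage() excessive-allocation / unaligned-load change and the MJ2 pi->include[] out-of-bounds change as not applied in this snapshot, since the reverts state that neither commit compiled (missing OPJ_UINT64 type; include_size not defined in openmj2). The other commits from that pull request (bd88611, ce9583d, c58df14, 46822d0, 619e1b0, c5bd64e) are not shown as reverted. I would add a line to the release notes or NEWS.md naming the two reverted fixes so they are re-submitted in a form that builds and not counted as shipped.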
</body>